Red Hat Bugzilla – Bug 1148832
CVE-2014-7142 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
Last modified: 2015-07-31 03:27:49 EDT
Another flaw was reported in the Squid pinger program due to incorrect input validation. This could be used to cause a Denial of Service or information leak when the pinger program processes ICMP or ICMPv6 packets. While this problem exists in the source code of squid packages as shipped with Red Hat Enterprise Linux 6 and 7, as well as current Fedora releases, the program itself is not built. Statement: This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not provide the vulnerable program "pinger". External References: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
Upstream commit: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13583 The above commit fixes both CVE-2014-7141 and CVE-2014-7142. The CVE-2014-7142 issue is an integer underflow when computing size of the ICMP reply data. This leads to an attempt to copy large amount of data, which should trigger pinger process crash. Unlike CVE-2014-7141, this issue only existed in ICMP(v4) handling, the ICMPv6 previously had similar check.